Regular Expression Denial Of Service in uri-js

Severity:: Medium

Description

Affected versions of uri-js is susceptible to a regular expression denial of service vulnerability when user input is sent to the .parse() method.

Recommendation

Update the uri-js package to the latest compatible version. Followings are version details:

Affected version(s): < 3.0.0
Patched version(s): 3.0.0

References

GHSA-333w-rxj3-f55r
www.npmjs.com
nodesecurity.io
CVE-2017-16021
CWE-1333
CWE-400
CAPEC-310
OWASP 2021-A6

Related Issues

Regular Expression Denial of Service in debug - CVE-2017-16137
Regular Expression Denial of Service in timespan - CVE-2017-16115
Regular Expression Denial of Service in slug - CVE-2017-16117
Regular Expression Denial of Service in string package - CVE-2017-16116

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; uri-js

Anything's wrong? Let us know Last updated on April 22, 2024